Cisco Blogs
Share

The “Wizzards” of Adware

- April 27, 2016 - 0 Comments

Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosure. This software exhibits several questionable behaviors including:

  • Attempts to detect sandboxes via a number of techniques
  • Attempts to detect AV
  • Attempts to detect security tools and forensic software
  • Attempts to detect remote desktop
  • Secretly installs software on the end host without user interaction or EULAs
  • Informs C2 via encrypted channel what software was installed and what “effective_price” was associated with it

Read More >>

 

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share